In this document we use the term ‘ID number’ to mean any message string including passwords and login names, card numbers, currency denominations and check amounts (the last two can be specified either in numeric terms or spelled out in text form). Identification numbers (ID) issued by various national and private organizations are typically application specific and follow a prescribed alpha-numeric format. Examples include the 9-digit social security number issued by the US government, the 8 or 11 alphanumeric bank identification code or SWIFT code set up by the International Standards Organization, the 16-digit bank card number issued by American Express, Visa and the like. In a physical setting where a user has to present a valid form of identification artifact such as a passport or a driver's license, the artifact contains an ID number, a name and a photograph. The photograph in the artifact is checked against the physical appearance of the person presenting the artifact. From the standpoint of user verification, this has a significant drawback in that the alphanumeric data on the artifact is totally independent of the photograph attached to the artifact making it easy to substitute one photograph for another. In some scenarios such as cashing checks, to prevent counterfeiting checks are embedded with either a holographic image or a watermark unique to the issuing entity. The artifacts are viewed from different angles to check the presence of a hologram or watermark. This is also deficient since holograms and watermarks are totally unrelated to the alphanumeric data on the checks.
In many physical and online situations, mere knowledge of the appropriate ID numbers is sufficient to gain access to a variety of services. To prevent unauthorized use, organizations have been resorting to a two-step verification process in which additional information needs to be provided by the user. Techniques such as answering user-supplied or system generated security questions, typing in morphed data provided by patented systems such as CAPTCHA. [See U.S. Pat. No. 6,195,698 B1 “Method for selectively restricting access to computer systems”], one-time verification codes sent via email or text messages to cell phones and computers, etc. are now quite standard. What these techniques share in common is the one-dimensional or linear nature of the verification information to be provided by the user.
In some systems, when a user initially sets up an account, in addition to devising a password, the user is also asked to pick one picture from among a set of system (organization) supplied pictures. The chosen picture along with the devised password is used in future transactions between the user and the organization. This online method, while image-based, is quite ad hoc since there is no intrinsic relationship between the user login name, password and picture. The patented QR code system is a two-dimensional system and it operates very much like the one-dimensional bar code system. See U.S. Pat. No. 5,726,435, JP 2938338 and EPO 0672994. The QR code method is a two-way system in that the data encoded into the black and white image can be easily decoded making it vulnerable to tampering. While newer user identification techniques do employ images as in biometric ID systems, even here there is no intrinsic connection between the alphanumeric data/information and the biometric data/information.
The basic issue that needs to be addressed is whether one can devise techniques to ensure or enhance the integrity of critical alphanumeric data on diverse documents in diverse settings, Simple linear representations of text/character data in both computerized and physical settings greatly facilitate the replication and/or alteration of data meant to be secure. Such replications and alterations can be carried out at an individual level or through automated means.